There's been a lot of discussion on how to get Time Machine and Filevault to play well together -- see, for instance, these twohints. I don't feel I can put my faith (and my backups) in the hands of any of the workarounds I've read so far.

Here's my advice: forget anything clever and just use CrashPlan. I can't say enough good things about this piece of backup software. I've used it for two years now. It's very easy, and it works perfectly with FileVault. There are a couple of requirements to get it working, though:

You'll need the $60 CrashPlan+ to get continuous backups; the free version only backs up once a day.

It's important to customize the installation so the backup engine is installed at the user, not system, level. This is the only way that CrashPlan can see individual files in your FileVault archive (only when logged in, of course). They cover this (briefly) in this FAQ entry.

Once properly set up, CrashPlan+ looks for changed files on my FileVaulted home folder every two minutes (when I'm logged in), then encrypts those files and sends them to both another computer on my network and to an offsite server. You can also specify how many older versions of a file to keep; I have this set at 10 for my machine.

CrashPlan+ satisfies my desire for security, as the software encrypts my data before it leaves my MacBook. And since it uses a different sort of encryption than Filevault, I feel happier that I've spread my risk of one or the other form of encryption/decryption having a problem.

I hope my experience with CrashPlan helps someone. As mentioned above, it's been around for a few years and I'm amazed it's not better known. It's cross-platform, too. If you've found a better way to back up a FileVaulted machine, please share -- I'm no expert when it comes to computing (I'm a doctor, not a programmer).

[robg adds: I have only the most basic level of knowledge of FileVault, having never even used it. (I use encrypted disk images for those few things, such as financial files and scanned social security cards, that I'm fairly paranoid about losing to someone else.) So if there are other ways to get continuous, versioned backups of a FileVault directory, please share in the comments. I tried searching Apple's support site, but couldn't find anything relevant to FileVault and Time Machine.]

Hint Options

Click here to return to the 'One way to make real-time versioned FileVault backups' hint

The following comments are owned by whoever posted them. This site is not responsible for what they say.

One way to make real-time versioned FileVault backups
Authored by: fracai on Apr 30, '09 07:51:48AM

By encrypting your data with two different algorithms and sending the result to different places you've potentially decreased your level of security. There are now an increased number of vectors of attack towards getting at your data and it's also possible that both algorithms leak information, which while useless alone, can be combined to defeat one or both schemes.

That said, this does protect you against a single source of data corruption.

I think the best option for reducing the size of encrypted backups is to encrypt each individual file. Changes to one will not affect another and thus reduce the size of the next incremental backup.

One way to make real-time versioned FileVault backups
Authored by: poster on Apr 30, '09 08:55:24PM

For a continuous and secure backup solution, I have been using http://jungledisk.com/ which meets all my requirements.

Cross platform, encrypted in transit and while stored, open standards and very affordable. Best of all, your data is stored (encrypted) on Amazon S3 servers or Mosso servers. The user-interface for the Mac client is not as nice as other Mac software, but it is a solid backup solution and highly recommended for advanced users requiring strong security.

I too am using Crashplan, but users should be aware that Crashplan seems to have a serious security oversight when used in conjunction with FileVault.

Crashplan stores account information and its data encryption key in '/Library/Crashplan/.identity'. This file is protected only with OS X filesystem permissions. Since this file is store *outside* your FileVault it means that an attacker who steals your laptop can obtain the encryption keys without actually decrypting your FileVault.

It *may* possible to stage an offline attack against the backup data with this encryption key (I have not attempted this). It certainly appears to be a case of insecure key handling.

This issue has been reported to Crashplan and escalated to their development team, but they have not satisfactorily addressed this concern. Its seems to be possible to correct this issue by symlinking the .identity file to another location *inside* FileVault, thus protecting the backup encryption key from offline decryption alongside the rest of your FileVaulted data. Its not clear why they don't take this seemingly simple precaution.

I'm confident that the file contains fields called "privateKey" and "publicKey" as well as other obvious account data (email, guid). This is consistent with Crashplan's terminology for key handling. I'm also confident that the file is automatically updated by Crashplan and contains the same key data across every computer attached to my Crashplan account (also consistent with Crashplan's use of a single encryption key for all computers on an account).

It may be that the key may only be stored in that location if you use a "data password", which is ostensibly their higher level of security. I you use normal security level the encryption key is actually escrowed on their server (per their FAQ). In that case they may just download the key everytime.

Crashplan has a page that tries to explain all this http://support.crashplan.com/doku.php/articles/encryption_key which makes it (somewhat) clear that the "private" key is stored unencrypted on the source computer. Their latest version even offers an option to supply your own private encryption key, though its not clear that resolves the issue of secure storage of the key for FileVault users.

A good backup regime will fix all of the above. However, what a backup won't do is keep my data safe from people who would do harm, hence the encryption stuff: Filevault and Crashplan. I think it's fair to say I wouldn't stand a chance against someone bent on getting international trade secrets from my laptop. But I'm not that paranoid or that important! What I try to do is protect myself against (my) real world stuff.

How real is the risk that Basilisk (thanks by the way) describes? As mentioned in the original post, I'm not an IT professional. I think a lot of people who come to this site would find an explanation of the risk this poses in layman's terms extremely useful. Context is pretty important too.

Another thing worth thinking about is how realistic safety measures are to implement for your average mac user. It's a real shame Time Machine doesn't play well with Filevault. It's as if Apple decided it was a bit too hard to integrate, so they quietly forgot about it. If anything, us minority Filevault users need better backup support than unencrypted users.

I don't use CrashPlan (or any other internet backup), but it seems as if a technically advanced user could rather easily access your data if they came into possession of your computer.

If you want to use FileVault, you are best off giving up on easily versioned backups.

You have two good local backup options:

1) Logout of your FileVault account and use Time Machine. This seems possibly unreliable to me. I don't think it's been tested well enough, but it could work just fine.

2) Logout of your FileVault account and use Carbon Copy Cloner or SuperDuper!. The trick here is to manually maintain multiple backups. In other words, do an incremental backup every day or every couple of days, and also do a new backup from scratch every week or every couple of weeks. That way, if your FileVault image gets corrupted, you will have a previous backup to return to.

The whole trick to using FileVault is having multiple separate backups of your FileVault image. If you are unwilling to go through the hassle of doing this (which isn't too much of a hassle once you spend an afternoon getting things set up), you shouldn't be using FileVault in the first place. But if you do keep separate backups, FileVault becomes a viable way to store your user data.

Crashplan is the one (for now)
Authored by: alexmathew on May 03, '09 09:54:27PM

IN addition to my USB system clone and Time Machine backup, Crashplan has become my third level of defense against lost data. I am not too worried about the security issue mentioned here about the "key" - since I would be more likely to loose my laptop or get mugged than have someone hack into my data that way.
I was going to post a hint about Crashplan, I am glad I did a search for it before I spent time on it.
Crashplan just works!
AM